Analysis
max time kernel: 150s
max time network: 153s
platform: linux_mipsel
resource: debian9-mipsel-en-20211208
resource tags: arch:mipsel, image:debian9-mipsel-en-20211208, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted: 02-05-2023 02:40
General
Target: d6681af1ce73f97a63208c382a3fdfc2afa69262e9f1a2b7b4ca1460f0229958.elf
Size: 24KB
MD5: f345520b4641bd6f165faef2e21bb017
SHA1: 15aed922356b5ddf66a9f2a6cd3672564e3d50e3
SHA256: d6681af1ce73f97a63208c382a3fdfc2afa69262e9f1a2b7b4ca1460f0229958
SHA512: 7603748c6f10235740f625ed295828165860909edc7c94c46bf96bf296140c2747af5ff6eea254515f67947edc3a225b53901fce37df5ec38c77cd018168d65f
SSDEEP: 768:oCrQlS07dEv0UXqUhvQE+CXQKMQKCXBp5ZqEWv7:/QlS07FUXqIYSXQKquvq9
Malware Config
Extracted
Family: mirai
Botnet: LZRD
Signatures
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modifies the watchdog daemon to prevent it from restarting an infected system.
- Writes file to system bin folder (1 TTPs, 2 IoCs)
  Processes:
  description                    ioc
  File opened for modification   /sbin/watchdog
  File opened for modification   /bin/watchdog
- Reads runtime system information (3 IoCs)
  Reads data from /proc virtual filesystem.
  Processes:
  description                    ioc
  File opened for reading        /proc/402/cmdline
  File opened for reading        /proc/408/cmdline
  File opened for reading        /proc/401/cmdline
Downloads
memory/329-1-0x00400000-0x00452a58-memory.dmp